Security updates - masked until formal announcement is made

author: Caleb Tennis <caleb@gentoo.org> 2003-07-20 22:11:56 +0000
committer: Caleb Tennis <caleb@gentoo.org> 2003-07-20 22:11:56 +0000
commit: 8d0f2cc729739c9d57457d357d5ca31d12da0041 (patch)
tree: e51775aa5055539b3c35457c33ac37f1b60ddeac /kde-base
parent: Security updates - masked until formal announcement is made (diff)
download: gentoo-2-8d0f2cc729739c9d57457d357d5ca31d12da0041.tar.gz
gentoo-2-8d0f2cc729739c9d57457d357d5ca31d12da0041.tar.bz2
gentoo-2-8d0f2cc729739c9d57457d357d5ca31d12da0041.zip
10 files changed, 333 insertions, 4 deletions
diff --git a/kde-base/kdelibs/ChangeLog b/kde-base/kdelibs/ChangeLog
index ca5fcd2cd1e3..2adf479300f3 100644
--- a/kde-base/kdelibs/ChangeLog
+++ b/kde-base/kdelibs/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for kde-base/kdelibs
 # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/ChangeLog,v 1.82 2003/07/20 21:00:58 caleb Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/ChangeLog,v 1.83 2003/07/20 22:11:47 caleb Exp $
+
+#kdelibs-3.0.5b-r1 (20 Jul 2003)
+*kdelibs-3.1.2-r1 (20 Jul 2003)
+
+  20 Jul 2003; Caleb Tennis <caleb@gentoo.org: kdelibs-3.1.2-r1.ebuild, kdelibs-3.0.5b-r1.ebuild:
+  Adding two security patches.
 
 *kdelibs-3.1.3 (20 Jul 2003)
 
diff --git a/kde-base/kdelibs/Manifest b/kde-base/kdelibs/Manifest
index dac6e849c587..7a4802c89f9b 100644
--- a/kde-base/kdelibs/Manifest
+++ b/kde-base/kdelibs/Manifest
@@ -1,12 +1,12 @@
 MD5 91af2953e64ba4168ad04792c0e85407 kdelibs-3.1.2.ebuild 2440
-MD5 e9bfd44832bca0ce28e2097ef3b3b61f kdelibs-3.1.2-r1.ebuild 2535
+MD5 a96d21c40dbd04b8ace9ef89537542d6 kdelibs-3.1.2-r1.ebuild 2537
 MD5 8a21daa4525f5d8edef9d9be0d4a3354 kdelibs-3.0.4-r1.ebuild 2303
 MD5 cc47efcd70a7e332a245ebb59833142d kdelibs-3.1.1a.ebuild 2645
-MD5 648bc1c7cf85bc30736c0c8b3ecdc883 kdelibs-3.0.5b-r1.ebuild 1994
+MD5 e907b234e307a34e574f3225b3f7d17b kdelibs-3.0.5b-r1.ebuild 1994
 MD5 b738a6c4ff97493257f186b1dfb853ee kdelibs-3.0.5b.ebuild 1921
 MD5 aa5a51f469ace2f163b3be24ba45c2f1 kdelibs-3.1.3.ebuild 2444
 MD5 ecb842ef67a00a4a3348c92a784cc3b7 kdelibs-2.2.2a-r2.ebuild 2570
-MD5 cfa8c737154f2c9b3c696585c859f0e3 ChangeLog 14330
+MD5 9c042ee71a2255b959b551785cae531a ChangeLog 14389
 MD5 14889ab75f97d76e58b0c1154e7683a9 metadata.xml 161
 MD5 41d30ba8cf8d36ad3caebeedb1ddfd0e files/kdelibs-3.1.3-kjs-alphaev6-gcc3-workaround.patch 477
 MD5 4232704fe9aeecbb09dbed9cb45b8529 files/kdelibs-3.0.5b-khtml.patch 848
diff --git a/kde-base/kdelibs/files/digest-kdelibs-3.0.5b-r1 b/kde-base/kdelibs/files/digest-kdelibs-3.0.5b-r1
new file mode 100644
index 000000000000..13369594cf91
--- /dev/null
+++ b/kde-base/kdelibs/files/digest-kdelibs-3.0.5b-r1
@@ -0,0 +1 @@
+MD5 50b483665bc868f2dbc53aaaa3c2f302 kdelibs-3.0.5b.tar.bz2 7610088
diff --git a/kde-base/kdelibs/files/digest-kdelibs-3.1.2-r1 b/kde-base/kdelibs/files/digest-kdelibs-3.1.2-r1
new file mode 100644
index 000000000000..8a9950b60c75
--- /dev/null
+++ b/kde-base/kdelibs/files/digest-kdelibs-3.1.2-r1
@@ -0,0 +1 @@
+MD5 2b896ce9a6942e4cc4fe1758236bafa3 kdelibs-3.1.2.tar.bz2 10524265
diff --git a/kde-base/kdelibs/files/kdelibs-3.0.5b-http.patch b/kde-base/kdelibs/files/kdelibs-3.0.5b-http.patch
new file mode 100644
index 000000000000..0c724255e97e
--- /dev/null
+++ b/kde-base/kdelibs/files/kdelibs-3.0.5b-http.patch
@@ -0,0 +1,48 @@
+--- kioslave/http/http.cc	7 Dec 2002 16:17:53 -0000	1.470.2.20
++++ kioslave/http/http.cc	4 Jul 2003 13:29:57 -0000
+@@ -195,20 +195,33 @@
+   m_maxCacheAge = config()->readNumEntry("MaxCacheAge", DEFAULT_MAX_CACHE_AGE);
+   m_request.window = config()->readEntry("window-id");
+ 
+-  bool sendReferrer = config()->readBoolEntry("SendReferrer", true);
+-  if ( sendReferrer )
+-     m_request.referrer = metaData("referrer");
+-  else
+-     m_request.referrer = QString::null;
+-     
+-  if (!m_request.referrer.startsWith("http"))
++
++  m_request.referrer = QString::null;
++  if ( config()->readBoolEntry("SendReferrer", true) )
+   {
+-     if (m_request.referrer.startsWith("webdav"))
+-        m_request.referrer.replace(0, 6, "http");
+-     else
+-        m_request.referrer = QString::null;
++     KURL referrerURL = metaData("referrer");
++     if (referrerURL.isValid())
++     {
++        // Sanitize
++        QString protocol = referrerURL.protocol();
++        if (protocol.startsWith("webdav"))
++        {
++           protocol.replace(0, 6, "http");
++           referrerURL.setProtocol(protocol);
++        }
++        
++        if ((protocol == "http") || 
++            ((protocol == "https") && ((m_protocol == "https") || (m_protocol == "webdavs")))
++           )
++        {
++           referrerURL.setRef(QString::null);
++           referrerURL.setUser(QString::null);
++           referrerURL.setPass(QString::null);
++           m_request.referrer = referrerURL.url();
++        }
++     }
+   }
+-
++  
+   if ( config()->readBoolEntry("SendLanguageSettings", true) )
+   {
+       m_request.charsets = config()->readEntry( "Charsets", "iso-8859-1" );
diff --git a/kde-base/kdelibs/files/kdelibs-3.0.5b-khtml.patch b/kde-base/kdelibs/files/kdelibs-3.0.5b-khtml.patch
new file mode 100644
index 000000000000..df0e96dac366
--- /dev/null
+++ b/kde-base/kdelibs/files/kdelibs-3.0.5b-khtml.patch
@@ -0,0 +1,27 @@
+--- khtml/html/html_documentimpl.cpp	6 Sep 2002 23:13:21 -0000	1.139.2.2
++++ khtml/html/html_documentimpl.cpp	10 Jul 2003 11:15:34 -0000
+@@ -84,7 +84,23 @@
+ DOMString HTMLDocumentImpl::referrer() const
+ {
+     if ( view() )
+-        return view()->part()->referrer();
++    {
++        KURL referrerURL = view()->part()->referrer();
++        if (referrerURL.isValid())
++        {
++            QString protocol = referrerURL.protocol();
++
++            if ((protocol == "http") ||
++               ((protocol == "https") && (view()->part()->url().protocol() == "https")))
++            {
++                referrerURL.setRef(QString::null);
++                referrerURL.setUser(QString::null);
++                referrerURL.setPass(QString::null);
++                return referrerURL.url();
++            }
++        }
++    }
++
+     return DOMString();
+ }
+ 
diff --git a/kde-base/kdelibs/files/kdelibs-3.1.2-http.patch b/kde-base/kdelibs/files/kdelibs-3.1.2-http.patch
new file mode 100644
index 000000000000..2cae6948ddf9
--- /dev/null
+++ b/kde-base/kdelibs/files/kdelibs-3.1.2-http.patch
@@ -0,0 +1,42 @@
+--- kioslave/http/http.cc	7 May 2003 16:43:40 -0000	1.551.2.15
++++ kioslave/http/http.cc	4 Jul 2003 11:37:27 -0000	1.551.2.21
+@@ -230,19 +229,30 @@
+   kdDebug(7113) << "(" << m_pid << ") ssl_was_in_use = "
+                 << metaData ("ssl_was_in_use") << endl;
+ 
++  m_request.referrer = QString::null;
+   if ( config()->readBoolEntry("SendReferrer", true) &&
+        (m_protocol == "https" || m_protocol == "webdavs" ||
+         metaData ("ssl_was_in_use") != "TRUE" ) )
+-     m_request.referrer = metaData("referrer");
+-  else
+-     m_request.referrer = QString::null;
+-
+-  if (!m_request.referrer.startsWith("http"))
+   {
+-     if (m_request.referrer.startsWith("webdav"))
+-        m_request.referrer.replace(0, 6, "http");
+-     else
+-        m_request.referrer = QString::null;
++     KURL referrerURL = metaData("referrer");
++     if (referrerURL.isValid())
++     {
++        // Sanitize
++        QString protocol = referrerURL.protocol();
++        if (protocol.startsWith("webdav"))
++        {
++           protocol.replace(0, 6, "http");
++           referrerURL.setProtocol(protocol);
++        }
++        
++        if (protocol.startsWith("http"))
++        {
++           referrerURL.setRef(QString::null);
++           referrerURL.setUser(QString::null);
++           referrerURL.setPass(QString::null);
++           m_request.referrer = referrerURL.url();
++        }
++     }
+   }
+ 
+   if ( config()->readBoolEntry("SendLanguageSettings", true) )
diff --git a/kde-base/kdelibs/files/kdelibs-3.1.2-khtml.patch b/kde-base/kdelibs/files/kdelibs-3.1.2-khtml.patch
new file mode 100644
index 000000000000..276624135f4b
--- /dev/null
+++ b/kde-base/kdelibs/files/kdelibs-3.1.2-khtml.patch
@@ -0,0 +1,57 @@
+--- khtml/khtml_part.cpp	3 Jul 2003 17:13:02 -0000	1.770.2.27
++++ khtml/khtml_part.cpp	10 Jul 2003 11:45:10 -0000
+@@ -4171,7 +4171,27 @@
+ 
+ QString KHTMLPart::referrer() const
+ {
+-   return d->m_pageReferrer;
++   return d->m_referrer;
++}
++
++QString KHTMLPart::pageReferrer() const
++{
++   KURL referrerURL = d->m_pageReferrer;
++   if (referrerURL.isValid())
++   {
++      QString protocol = referrerURL.protocol();
++
++      if ((protocol == "http") ||
++         ((protocol == "https") && (m_url.protocol() == "https")))
++      {
++          referrerURL.setRef(QString::null);
++          referrerURL.setUser(QString::null);
++          referrerURL.setPass(QString::null);
++          return referrerURL.url();
++      }
++   }
++   
++   return QString::null;
+ }
+
+ 
+--- khtml/khtml_part.h	18 May 2003 12:34:36 -0000	1.197.2.5
++++ khtml/khtml_part.h	10 Jul 2003 11:45:11 -0000
+@@ -702,6 +702,11 @@
+   QString referrer() const;
+ 
+   /**
++   * Referrer used to obtain this page.
++   */
++  QString pageReferrer() const;
++
++  /**
+    * Last-modified date (in raw string format), if received in the [HTTP] headers.
+    */
+   QString lastModified() const;
+
+--- khtml/html/html_documentimpl.cpp	27 Jun 2003 09:55:33 -0000	1.143.2.6
++++ khtml/html/html_documentimpl.cpp	10 Jul 2003 11:45:11 -0000
+@@ -85,7 +85,7 @@
+ DOMString HTMLDocumentImpl::referrer() const
+ {
+     if ( view() )
+-        return view()->part()->referrer();
++        return view()->part()->pageReferrer();
+     return DOMString();
+ }
+ 
diff --git a/kde-base/kdelibs/kdelibs-3.0.5b-r1.ebuild b/kde-base/kdelibs/kdelibs-3.0.5b-r1.ebuild
new file mode 100644
index 000000000000..dc0165846d61
--- /dev/null
+++ b/kde-base/kdelibs/kdelibs-3.0.5b-r1.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/kdelibs-3.0.5b-r1.ebuild,v 1.1 2003/07/20 22:11:47 caleb Exp $
+inherit kde eutils
+#don't inherit  kde-base or kde-dist! it calls need-kde which adds kdelibs to depend!
+
+IUSE="alsa cups ipv6 ssl"
+DESCRIPTION="KDE $PV - base libraries needed by all kde programs"
+KEYWORDS="x86 ppc ~alpha sparc"
+HOMEPAGE="http//www.kde.org/"
+SRC_URI="mirror://kde/stable/$PV/src/${P}.tar.bz2"
+SLOT="3.0"
+LICENSE="GPL-2 LGPL-2"
+
+# kde.eclass has kdelibs in DEPEND, and we can't have that in here. so we recreate the entire
+# DEPEND from scratch.
+DEPEND=""
+RDEPEND=""
+newdepend "dev-lang/perl
+	>=media-libs/audiofile-0.1.9
+	>=sys-apps/bzip2-1.0.1
+	>=dev-libs/libxslt-1.0.7
+	>=dev-libs/libpcre-3.5
+	>=dev-libs/libxml2-2.4.10
+	ssl? ( >=dev-libs/openssl-0.9.6 )
+	alsa? ( >=media-libs/alsa-lib-0.5.9 >=media-sound/alsa-driver-0.5.9 )
+	cups? ( >=net-print/cups-1.1.14 )
+	>=media-libs/tiff-3.5.5
+	app-admin/fam-oss
+	~kde-base/arts-1.0.5b
+	app-text/ghostscript
+	sys-devel/gettext"
+
+newdepend "/autotools"
+
+RDEPEND="$RDEPEND
+	app-text/sgml-common
+	cups? ( net-print/cups )
+	dev-lang/python
+	>=sys-apps/portage-2.0.36" # for bug #7359
+
+myconf="$myconf --with-distribution=Gentoo"
+use ipv6	|| myconf="$myconf --with-ipv6-lookup=no"
+use ssl		&& myconf="$myconf --with-ssl-dir=/usr"		|| myconf="$myconf --without-ssl"
+use alsa	&& myconf="$myconf --with-alsa"			|| myconf="$myconf --without-alsa"
+use cups	&& myconf="$myconf --enable-cups"		|| myconf="$myconf --disable-cups"
+
+[ "$ARCH" == "x86" ] && myconf="$myconf --enable-fast-malloc=full"
+
+qtver-from-kdever ${PV}
+need-qt $selected_version
+
+set-kdedir $PV
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/${P}-libxml2-2.5.2.diff
+	epatch ${FILESDIR}/${P}-http.patch
+	epatch ${FILESDIR}/${P}-khtml.patch
+	kde_sandbox_patch ${S}/kio/misc/kpac
+}
+
+
+src_install() {
+
+	kde_src_install
+	dohtml *.html
+
+}
diff --git a/kde-base/kdelibs/kdelibs-3.1.2-r1.ebuild b/kde-base/kdelibs/kdelibs-3.1.2-r1.ebuild
new file mode 100644
index 000000000000..6540b8d2c2e5
--- /dev/null
+++ b/kde-base/kdelibs/kdelibs-3.1.2-r1.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdelibs/kdelibs-3.1.2-r1.ebuild,v 1.1 2003/07/20 22:11:47 caleb Exp $
+inherit kde
+#don't inherit  kde-base or kde-dist! it calls need-kde which adds kdelibs to depend!
+
+IUSE="alsa cups ipv6 ssl"
+DESCRIPTION="KDE libraries needed by all kde programs" 
+KEYWORDS="x86 ppc sparc alpha hppa"
+HOMEPAGE="http//www.kde.org/"
+SLOT="3.1"
+LICENSE="GPL-2 LGPL-2"
+SRC_URI="mirror://kde/stable/$PV/src/${P}.tar.bz2"
+
+# kde.eclass has kdelibs in DEPEND, and we can't have that in here.
+# so we recreate the entire DEPEND from scratch.
+DEPEND=""
+RDEPEND="doc? ( ~app-doc/kdelibs-apidocs-$PV )"
+newdepend "dev-lang/perl
+	>=media-libs/audiofile-0.1.9
+	>=sys-apps/bzip2-1.0.1
+	>=dev-libs/libxslt-1.0.7
+	>=dev-libs/libpcre-3.5
+	>=dev-libs/libxml2-2.4.10
+	ssl? ( >=dev-libs/openssl-0.9.6 )
+	alsa? ( >=media-libs/alsa-lib-0.5.9 >=media-sound/alsa-driver-0.5.9 )
+	cups? ( >=net-print/cups-1.1.14 )
+	>=media-libs/tiff-3.5.5
+	app-admin/fam-oss
+	app-text/ghostscript
+	media-libs/libart_lgpl
+	sys-devel/gettext
+	~kde-base/arts-1.1.2"
+
+newdepend "/autotools"
+
+RDEPEND="$RDEPEND
+	app-text/sgml-common
+	cups? ( net-print/cups )
+	dev-lang/python
+	>=sys-apps/portage-2.0.36" # for #7359
+
+myconf="$myconf --with-distribution=Gentoo --enable-libfam --enable-dnotify"
+use ipv6	|| myconf="$myconf --with-ipv6-lookup=no"
+use ssl		&& myconf="$myconf --with-ssl-dir=/usr"	|| myconf="$myconf --without-ssl"
+use alsa	&& myconf="$myconf --with-alsa"			|| myconf="$myconf --without-alsa"
+use cups	&& myconf="$myconf --enable-cups"		|| myconf="$myconf --disable-cups"
+
+use x86 && myconf="$myconf --enable-fast-malloc=full"
+
+qtver-from-kdever ${PV}
+need-qt $selected_version
+
+set-kdedir $PV
+
+src_unpack() {
+	kde_src_unpack
+	kde_sandbox_patch ${S}/kio/misc/kpac
+	use alpha && cd ${S} && epatch ${FILESDIR}/${P}-kjs-alphaev6-gcc3-workaround.patch
+	cd ${S} && epatch ${FILESDIR}/${P}-http.patch
+	cd ${S} && epatch ${FILESDIR}/${P}-khtml.patch
+}
+
+src_install() {
+	kde_src_install
+	dohtml *.html
+
+	# kdelibs-apidocs is provided by kdelibs-apidocs ebuild, kdelibs ebuild
+	# shouldn't install anything into kdelibs-apidocs (bug #15102)
+	rm -r ${D}/$KDEDIR/share/doc/HTML/en/kdelibs-apidocs
+}
+
+pkg_postinst() {
+	einfo "If you have kde 3.0.x installed, please upgrade to kdeils-3.0.5a-r2 and kdebase-3.0.5a-r1.
+	If they don't have your arch's keywords, edit /etc/env.d/65kdelibs-3.0.*, remove the KDEDIRS=
+	line and env-update."
+}
author	Caleb Tennis <caleb@gentoo.org>	2003-07-20 22:11:56 +0000
committer	Caleb Tennis <caleb@gentoo.org>	2003-07-20 22:11:56 +0000
commit	8d0f2cc729739c9d57457d357d5ca31d12da0041 (patch)
tree	e51775aa5055539b3c35457c33ac37f1b60ddeac /kde-base
parent	Security updates - masked until formal announcement is made (diff)
download	gentoo-2-8d0f2cc729739c9d57457d357d5ca31d12da0041.tar.gz gentoo-2-8d0f2cc729739c9d57457d357d5ca31d12da0041.tar.bz2 gentoo-2-8d0f2cc729739c9d57457d357d5ca31d12da0041.zip